Configuring Access Guardian Access Guardian Application Examples
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-104
• The Captive Portal authentication pass condition applies a new access policy list to the client.
• If Captive Portal authentication fails, the client remains in a built-in Captive Portal pre-login state.
Application Example 5: IP Phone (LLDP Network Policy TLV/Mobile Tag)
In this example, network access control is provided for the following IP phone devices:
• An IP phone enabled for LLDP Network Policy TLV and connected to a switch that is configured to send a Network Policy TLV with a tagged VLAN.
• An IP phone that is statically configured to tag traffic with a specific VLAN.
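The following sketch is an added example, not part of the guide or of AOS: it decodes the LLDP-MED Network Policy TLV that the first phone type relies on and reports when the advertised voice policy is not a tagged policy on the expected VLAN. The field layout follows ANSI/TIA-1057; the function names are hypothetical, the sample bytes are constructed, and checking against VLAN 40 (the voice VLAN used in this example's configuration) is an assumption about what the switch is set to advertise.

```python
import struct

TIA_OUI = b"\x00\x12\xbb"   # OUI of LLDP-MED organizationally specific TLVs
APP_TYPES = {1: "voice", 2: "voice-signaling", 3: "guest-voice"}

def iter_tlvs(lldpdu):
    """Yield (type, value) per TLV; the 16-bit header is 7 bits type, 9 bits length."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        if off + 2 + length > len(lldpdu):
            raise ValueError("truncated TLV at offset %d" % off)
        yield tlv_type, lldpdu[off + 2:off + 2 + length]
        off += 2 + length
        if tlv_type == 0:       # End of LLDPDU TLV
            return

def network_policies(lldpdu):
    """Decode every Network Policy TLV (type 127, TIA OUI, subtype 2)."""
    out = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or value[:4] != TIA_OUI + b"\x02":
            continue
        if len(value) != 8:
            raise ValueError("Network Policy TLV must carry 8 bytes")
        bits = int.from_bytes(value[5:8], "big")   # U, T, X, VLAN, priority, DSCP
        out.append({"app": APP_TYPES.get(value[4], "type-%d" % value[4]),
                    "unknown": bool(bits & 0x800000),
                    "tagged": bool(bits & 0x400000),
                    "vlan": (bits >> 9) & 0xFFF,
                    "priority": (bits >> 6) & 0x7,
                    "dscp": bits & 0x3F})
    return out

def voice_policy_findings(lldpdu, expected_vlan):
    """List mismatches between the advertised voice policy and the expected tagged VLAN."""
    voice = [p for p in network_policies(lldpdu) if p["app"] == "voice"]
    findings = [] if voice else ["no voice Network Policy TLV advertised"]
    for p in voice:
        if p["unknown"] or not p["tagged"]:
            findings.append("voice policy is not a defined tagged policy")
        elif p["vlan"] != expected_vlan:
            findings.append("voice VLAN %d advertised, expected %d" % (p["vlan"], expected_vlan))
    return findings

# Constructed TLV fragments (not captured traffic), each followed by End of LLDPDU.
GOOD = bytes.fromhex("fe080012bb020140516e") + b"\x00\x00"        # tagged, VLAN 40
WRONG_VLAN = bytes.fromhex("fe080012bb020140296e") + b"\x00\x00"  # tagged, VLAN 20
```
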
The VLAN associated with the UNP profile to which the IP phone is assigned must be tagged on the port
after authentication. The following configuration steps provide a brief tutorial on how to achieve this:
1 Configure a RADIUS server.
-> aaa radius-server alu-authserver host 10.242.254.101 hash-key secret retransmit 3 timeout 2 auth-port 1812 acct-port 1813
2 Create an AAA profile to pre-define and apply a specific AAA configuration for this example.
-> aaa profile ag-aaa-profile device-authentication 802.1x alu-authserver
-> aaa profile ag-aaa-profile accounting 802.1x alu-authserver
-> aaa profile ag-aaa-profile device-authentication mac alu-authserver
-> aaa profile ag-aaa-profile accounting mac alu-authserver
-> aaa profile ag-aaa-profile device-authentication captive-portal alu-authserver
-> aaa profile ag-aaa-profile accounting captive-portal alu-authserver
3 Create the required VLANs.
-> vlan 10 admin-state disable name vlan-block
-> vlan 20 admin-state enable name vlan-corporate
-> vlan 30 admin-state enable name vlan-guest
-> vlan 40 admin-state enable name vlan-voice
4 Create the required UNP profiles.
-> unp profile corporate
-> unp profile guest
-> unp profile corporate-voice
5 Map each of the UNP profiles to an appropriate VLAN.
-> unp profile corporate map vlan 20
-> unp profile guest map vlan 30
-> unp profile corporate-voice map vlan 40
6 Enable mobile tagging on the UNP profile.
-> unp profile corporate-voice mobile-tag
7 Create a default UNP profile to assign to the UNP port.
-> unp profile def_unp